PERFORMANCE AUDITS


Performance  audits  conducted  by  the  Office  of  the  Legislative  Auditor  are  designed  to  assess  state 
government operations. From the audit work, a determination is made as to whether agencies and
programs  are  accomplishing  their  purposes,  and  whether  they  can  do  so  with  greater  efficiency 
and  economy.  In  performing  the  audit  work,  the  audit  staff  uses  audit  standards  set  forth  by  the 
United  States  General  Accounting  Office. 

Members of the performance audit staff hold degrees in disciplines appropriate to the audit process.
Areas of expertise include business and public administration, statistics, economics, computer
science, and engineering.

Performance  audits  are  performed  at  the  request  of  the  Legislative  Audit  Committee  which  is  a 

The Legislative Audit Committee
of  the  Montana  State  Legislature: 

This  is  the  report  of  our  performance  audit  of  security  at  the  Montana  Lottery 
of  the  Department  of  Commerce.  This  report  contains  recommendations  concerning 
security  over  Lottery  operations  and  procedures  used  in  administering  Lottery 
operations.   The  Lottery  response  is  contained  at  the  end  of  the  report. 

We  wish  to  express  our  appreciation  to  the  staff  of  the  Lottery  for  their 
cooperation  and  assistance. 


scott 

Legislative  Auditor 

Report Summary

In  1985,  the  Montana  Legislature  proposed  a  referendum  asking  voters  to 
decide  on  the  issue  of  having  a  state  Lottery.  In  November  of  1986  the  people  of 
Montana  passed  Legislative  Referendum  100  establishing  a  state  lottery.  Lottery 
ticket  sales  began  on  June  24,  1987  with  the  first  instant  game  tickets  going  on  sale 
to  the  public.  Montana  is  one  of  twenty-eight  states  currently  operating  a  lottery  in 
the  United  States. 

Section  23-5-1029,  MCA,  states,  "after  the  first  nine  months  of  sales  to  the 
public  and  every  two  years  after  that,  the  office  of  the  legislative  auditor  shall 
conduct  or  have  conducted  a  comprehensive  audit  of  all  aspects  of  security  in  the 
operation  of  the  lottery." 

This  audit  identified  areas  where  the  Lottery  can  improve  security.  The 
following  sections  summarize  the  results  of  our  performance  audit.  During  our  audit 
we  also  identified  areas  which  address  potential  security  invasion  and  must  remain 
confidential.   We  have  prepared  a  separate  report  which  covers  these  issues. 

COMPUTER SECURITY

As  part  of  our  audit,  we  examined  security  controls  over  the  Lottery's 
computer  system.  Computer  security  controls  protect  assets  and  limit  losses  from 
three  types  of  basic  threats:  intentional  acts  such  as  fraud  and  sabotage;  disasters 
such  as  water  and  fire;  and  human  errors  and  omissions  such  as  data  entry  errors. 

During  our  audit  we  noted  concerns  with  computer  security  reviews;  EDP 
audit/data  security  administrator  functions;  and  physical  and  environmental  controls. 

Computer  Security  Reviews 

Many  of  the  computer  security  weaknesses  detected  during  our  audit  could 
have  been  addressed  by  an  internal  security  evaluation  performed  by  the  Lottery. 
The  Lottery  reviewed  the  software  provided  from  Scientific  Games,  Inc.  to  determine 
if  it  functioned  properly;  however,  the  Lottery  has  not  performed  an  internal 
evaluation  of  data  and  information  technology  resources  security. 

In  order  to  improve  security  over  computer  operations,  we  believe  the  Lottery 
should  perform  an  internal  security  review. 

EDP Auditor Independence

The  EDP  auditor  position  is  currently  not  an  internal  audit  function  as 
intended  by  the  job  description  for  that  position.  The  EDP  auditor  performs 
operational  duties  which  are  not  consistent  with  auditor  responsibilities. 

In  order  to  perform  his  auditing  duties  in  an  independent  manner,  we  believe 
the  Lottery  should  remove  the  EDP  auditor  from  duties  affecting  his  independence. 

Data  Security  Administrator 

The  data  security  administrator  is  deciding  who  obtains  file  access  and  is  also 
entering  file  and  program  access  rights  into  the  computer.  We  found  little 
documentation  to  support  the  reasons  why  people  were  given  their  access  rights. 
Management  was  not  informed  of  and  did  not  authorize  any  access  changes. 

In  order  to  properly  control  the  data  administrator  function,  we  believe  the 
data  security  administrator  should  document  file  access  rights  to  allow  review  by 
management.  We  also  believe  data  processing  management  should  monitor  and 
authorize  these  access  rights  independent  of  the  data  security  administrator. 

Water  Pipes 

We noted the location of a sink and water pipes makes Lottery computer
operations  vulnerable  to  disruption  from  water  damage.  In  order  to  minimize  the 
possibility  of  considerable  damage  to  the  computer  system,  we  believe  the  Lottery 
should  eliminate  the  flow  of  water  to  the  loft  area  above  the  computer  room  and 
protect  backup  computer  equipment  from  water  damage. 

Backup  and  Disaster  Recovery 

The  Lottery  does  not  have  a  formal,  tested  backup  and  recovery  plan  or  an 
alternate  site  agreement.  Backup  and  recovery  capabilities  should  be  sufficient  to 
restore  files  and  applications  when  loss  or  damage  to  data  occurs. 

We  believe  the  Lottery  should  develop  a  formal  tested  backup  and  disaster 
recovery  plan  that  includes  backup  equipment  options. 

Tape  Storage/Delivery 

During  our  audit  we  found  many  tapes  are  stored  horizontally  and  during 
delivery  are  transported  without  protective  coverings.  Exposing  tapes  to  physical  and 
environmental dangers could destroy data contained on tapes resulting in disruption
of lottery operations. We recommend the Lottery store all computer tapes vertically
and  transport  tapes  with  protective  coverings. 

BUILDING  SECURITY 

As  part  of  our  audit  we  reviewed  the  security  over  the  Lottery  building  in 
Helena  to  determine  if  any  deficiencies  existed.  We  identified  improvements  that  can 
be  made  with  the  Card  Access  System,  key  control  and  the  backup  power  supply 
room. 

Time  Zones  and  Access  Levels 

The  Card  Access  System  allows  Lottery  employees  to  have  access  in  several 
different  time  zones  and  building  areas.  The  current  time  zones  built  into  the  system 
appear  excessive.  Liberal  time  zones  increase  the  chance  of  unauthorized  access  to 
the  lottery  building  and  warehouse.  The  Lottery  does  not  have  written  policies  and 
procedures  explaining  the  criteria  for  developing  employee  access  levels  and  time 
zones. 

We  recommend  the  Lottery  formalize  policies  and  procedures  explaining  the 
criteria  for  employee  access  levels  and  time  zones  and  structure  the  time  zones  to 
reflect  security  needs. 

Reviewing  the  Card  Access  Printout 

Security  personnel  at  the  Lottery  are  not  reviewing  the  Card  Access  printout 
on  a  daily  basis.  By  not  reviewing  the  printout  daily,  security  personnel  do  not 
monitor  who  is  entering  and  exiting  different  areas  of  the  Lottery  building  and  are 
not  following  up  on  potential  problems  on  a  timely  basis. 

In  order  to  better  monitor  access  in  and  out  of  the  building,  we  believe 
security  personnel  should  review  the  printout  on  a  daily  basis. 

Card  Access  System  Alarm 

The  Card  Access  System  alarm  consists  of  a  buzzer  inside  the  computer 
console.  Because  the  console  is  located  in  the  backup  power  supply  room  in  the 
warehouse,  the  alarm  cannot  be  heard  by  security  personnel  in  the  office  area. 

We  believe  the  Lottery  should  move  the  Card  Access  System  alarm  to  an  area 
where  security  personnel  can  immediately  hear  it.  If  a  security  breach  occurs  Lottery 
officials  can  immediately  investigate,  thus  improving  building  security. 




Key  Control 

The  Lottery  does  not  have  any  policies  and  procedures  for  key  control  or  keep 
detailed  records  for  key  issuances  and  return.  Failure  to  have  key  issuance  and 
recovery procedures and adequate records could result in loss, misplacement or non-return
of keys. We believe procedures and records of key issuances will improve
security  over  the  Lottery  building. 

Backup  Power  Supply  Room 

The  Lottery  has  a  room  containing  several  components  crucial  to  Lottery 
operations.  During  our  observations  of  warehouse  security  we  noted  the  backup 
power  supply  room  was  not  locked.  In  order  to  protect  against  unauthorized  accesses 
to  the  room  by  Lottery  employees  or  intruders,  the  room  should  be  kept  locked  at 
all  times. 

OTHER  SECURITY/MANAGEMENT  CONTROLS 

During  our  audit  we  evaluated  other  security  and  management  controls 
relating  to  Lottery  operations.   We  found  the  following  areas  need  improvement. 

Overall  Policies  and  Procedures 

The Lottery does not have updated policies and procedures for its overall
operation.  Many  parts  of  the  original  manual  supplied  by  Scientific  Games,  Inc.  do 
not  reflect  current  operations. 

We  recommend  the  Lottery  update  and  follow  the  present  policies  and 
procedures  manual  for  Lottery  operations. 

Security  Policies  and  Procedures 

The  Lottery  does  not  have  formal  security  policies  and  procedures  as  part  of 
its  overall  manual.  We  recommend  the  Lottery  develop  a  security  policies  and 
procedures  section  to  be  included  in  the  overall  policies  and  procedures  manual. 

Employee/Retailer  Background  Checks 

The  Lottery  does  not  have  any  formal  written  policies  and  procedures  for 
conducting  employee/retailer  background  checks.  We  also  noted  a  background  check 
was  not  completed  on  the  janitorial  firm  contracted  by  the  Lottery. 

We recommend the Lottery develop policies and procedures for
employee/retailer  background  checks  and  conduct  a  background  check  on  the 
janitorial  firm  employed  by  the  Lottery. 

Position  Descriptions  and  Job  Duties 

We  noted  several  Lottery  employees  are  performing  duties  inconsistent  with 
their  job  descriptions.  Position  descriptions  should  include  all  the  duties  an  employee 
is  required  to  perform.  We  recommend  the  Lottery  update  position  descriptions  to 
accurately  describe  duties  performed  by  employees. 

Performance  Appraisals 

Performance  appraisals  have  not  been  completed  for  any  Lottery  employees 
since  the  Lottery's  inception.  Job  objectives  and  standards  are  still  in  the  drafting 
process.  The  Montana  Operations  Manual  requires  that  employees  be  appraised  at 
least  annually.  We  recommend  the  Lottery  implement  a  formal  employee 
performance  appraisal  system. 

Working  Paper  Documentation 

The  internal  audit  function  of  the  Montana  Lottery  does  not  maintain 
adequate  documentation  to  support  the  audit  reports  issued.  Without  adequate 
documentation  in  the  form  of  audit  plans,  programs  and  working  papers,  it  is 
difficult  for  management  and  external  auditors  to  review  and  rely  on  work  performed 
by  the  internal  audit  staff  function. 

We  recommend  the  Lottery  internal  audit  function  maintain  better 
documentation  in  the  form  of  plans,  programs,  and  working  papers. 

Special  Promotions 

The  Instabuck  program  is  an  ongoing  special  promotion  program  involving  the 
use  of  coupons.  At  the  present  time  there  are  inadequate  policies  for  the  distribution 
of  Instabucks.  Instabucks  can  only  be  accounted  for  in  large  quantities  and  the 
potential  exists  for  retailers  to  receive  an  additional  discount  on  the  purchase  of 
instant  game  tickets. 

Sound  policies  and  procedures  will  provide  guidance  for  Lottery  employees 
when  carrying  out  the  intentions  of  promotions  and  ensure  strong  controls  are 
maintained.    We  also  believe  the  security  department  should  be  involved  whenever 
special promotions are considered. If promotions are borrowed from other states,
security  should  contact  that  state's  security  department  about  that  promotion. 

We  recommend  the  Lottery  develop  policies  and  procedures  for  Instabuck 
distributions  and  involve  the  security  staff  in  the  planning  and  development  of 
special  promotions. 

Legislative  Liaison  Committee 

By  law  a  Legislative  Liaison  Committee  was  established  to  report  to  the 
Legislature  on  the  activities  and  operations  of  the  state  lottery.  The  statute  also 
requires  the  committee  meet  with  the  Lottery  Commission  on  an  annual  basis. 

As  of  December  1988,  the  Legislative  Liaison  Committee  and  the  Lottery 
Commission  have  not  held  any  meetings.  We  recommend  a  meeting  be  scheduled 
every  fiscal  year  between  the  Legislative  Liaison  Committee  and  Lottery  Commission. 

CHAPTER I
INTRODUCTION 

Section  23-5-1029,  MCA,  states,  "after  the  first  9  months  of  sales  to  the 
public  and  every  two  years  after  that,  the  office  of  the  legislative  auditor  shall 
conduct  or  have  conducted  a  comprehensive  audit  of  all  aspects  of  security  in  the 
operation  of  the  lottery." 

The  objectives  of  this  performance  audit  were  to  determine: 

1.  Adequacy  of  security  over  the  computer  systems  used  by  the  Lottery. 

2.  Adequacy  of  building  security  at  Lottery  headquarters  in  Helena. 

3.  Adequacy  of  Lottery  mail  handling  procedures. 

4.  Adequacy  of  security  over  Lottery  instant  games,  promotions  and 
instant  game  tickets. 

5.  Adequacy  of  procedures  used  for  employee  and  retailer  background 
checks. 

6.  Adequacy  of  management  controls  over  Lottery  operations  relating  to 
security. 

7.  Lottery  compliance  with  state  laws,  administrative  rules  and  state 
policies  relating  to  Lottery  security. 

STATEMENT  OF  PRIVILEGED  AND  CONFIDENTIAL  INFORMATION 

According  to  section  23-5-1030,  MCA,  "Specific  audit  findings  relating  to 
security  invasion  techniques  are  confidential  and  may  be  reported  only  to  the 
legislative  audit  committee,  the  director  of  the  lottery,  the  commission,  the  attorney 
general,  and  the  governor."  During  our  audit  work  we  identified  areas  which  address 
potential  security  invasion  and  must  remain  confidential.  We  have  prepared  a 
separate  report  which  covers  these  issues.  The  areas  addressed  are:  computer  security 
controls;  alarm  systems;  warehouse  structures;  and  ticket  storage. 

SCOPE  OF  AUDIT 

This  audit  was  conducted  in  accordance  with  government  auditing  standards 
for  performance  audits.  Audit  work  focused  on  all  aspects  of  security  over  Lottery 
operations  and  related  management  controls. 

During  our  audit  work  we  reviewed  security  over  the  Lottery  building,  instant 
game tickets and special promotions, and the Lottery computer system. We reviewed
computer security controls over the Lottery's Stratus computer system. We also
visited  Lottery  marketing  representatives  and  retailers  to  evaluate  security  measures 
used  when  delivering  and  storing  instant  game  tickets. 

At Lottery headquarters in Helena, we examined management controls relating
to security. This included interviewing Lottery staff and observing procedures
used  in  performance  of  their  duties.  We  also  relied  on  audit  work  previously 
performed  by  our  office,  and  by  a  private  auditing  firm  under  contract  with  our 
office  to  conduct  a  financial  audit  of  Lottery  operations  and  to  monitor  all  Big  Spin 
Drawings  and  Big  Spins. 

As  part  of  our  audit  work  we  reviewed  the  computer  systems  at  Scientific 
Games,  Inc.  operations  in  Atlanta,  Georgia,  and  Gilroy,  California.  Scientific  Games, 
Inc.  provides  the  Lottery  with  instant  game  lottery  tickets  and  related  services  used 
in  administering  Lottery  operations.  We  reviewed  controls  over  the  computer  opera- 
tions used  to  generate  game  prize  structures  and  over  the  printing  process  used  to 
produce  instant  game  tickets. 

Lottery  programs  in  other  states  were  contacted  to  provide  information  on 
how  other  programs  operate. 

ADEQUATE  SECURITY  AREAS 

During  our  audit  we  evaluated  security  and  management  controls  relating  to 
Lottery  operations.  We  believe  Lottery  management  and  staff  have  made  a  good 
effort  at  establishing  adequate  security  over  its  operations.  The  following  are  areas 
in  which  overall  security  appears  adequate: 

1.  Big  Spin  Drawings  and  Big  Spin  Events. 

2.  Security  and  background  checks  for  employees  and  retailers. 

3.  Delivery  of  instant  game  tickets  to  the  Lottery  headquarters  and  to 
retailers. 

4.  Controls  to  prevent  premature  identification  of  winning  instant  game 
tickets. 

5.  Controls  against  forging  of  instant  game  tickets. 

6.  Destruction/disposal  of  non-selected  Big  Spin  drawing  tickets  and 
envelopes. 

Although  the  Lottery  has  developed  security  and  management  controls  we 
have  identified  areas  where  Lottery  security  could  be  improved.  In  our  reports  we 
identify  a  number  of  security  weaknesses  which  could  cause  problems  for  the  Lottery. 


During  our  audit  work  we  did  not  find  instances  of  improper  or  illegal  activity 
resulting  from  the  identified  weaknesses.  The  potential  for  such  activity  can  be 
decreased  if  the  Lottery  implements  our  recommendations. 

COMPLIANCE 

As  part  of  our  audit  we  reviewed  compliance  with  state  laws,  administrative 
rules,  and  state  policies  relating  to  Lottery  security  operations.  We  generally  found 
the  Lottery  was  in  compliance  with  state  laws,  rules  and  policies.  Two  instances  of 
noncompliance  were  noted  during  our  examination  and  are  included  in  this  report. 
The  first  issue  concerns  the  internal  evaluation  of  security  over  the  Lottery's 
computer  system.  The  second  issue  concerns  the  Legislative  Liaison  Committee 
established  to  report  on  Lottery  activities  to  the  Legislature. 

INTERIM  MEMORANDUMS 

During  the  audit  we  notified  Lottery  officials  of  control  weaknesses.  These 
areas  related  to  potential  report  issues  and  recommendations.  In  addition,  we  issued 
management memorandums during the start-up phase of Lottery operations and during
the course of our audit work. These management memorandums addressed concerns
identified during our audit work that were not significant enough to include
in our audit report. The memorandums addressed:

- warehouse security;
- the Card Access System;
- the inventory process;
- storage, handling, and disposition of Lottery instant game tickets and
  envelopes;
- ticket validation numbers;
- the evaluation of instant games and special promotions;
- the visitor log book;
- logos on Lottery vehicles;
- Lottery vehicle alarms;
- controls over the signature stamp machine;
- concerns identified during our visits to Scientific Games, Inc.
  operations in Georgia and California;
- controls over the computer system modem;
- documentation of cases with special security considerations;
- the audit trail for void checks;
- input controls for master files;
- documentation of computer applications;
- inspection of the inventory tape seal;
- internal auditor independence;
- controls over the status of ticket inventory; and,
- the computer room.


CHAPTER  II 
BACKGROUND 

In  1985,  the  Montana  Legislature  proposed  a  referendum  asking  voters  to 
decide  on  the  issue  of  having  a  state  lottery.  In  November  of  1986,  the  people  of 
Montana  passed  Legislative  Referendum  100  establishing  a  state  lottery.  Lottery 
ticket  sales  began  on  June  24,  1987,  with  the  first  instant  game  tickets  going  on  sale 
to  the  public.  Montana  is  one  of  twenty-eight  states  currently  operating  a  lottery  in 
the  United  States. 

The  Lottery  has  established  five  major  goals  for  the  operation  of  the  Lottery: 

1.  To  maximize  the  sales  potential  of  lottery  products  in  the  state  of 
Montana. 

2.  To  maintain  the  dignity  of  the  State  while  utilizing  competitive 
marketing  strategies  in  the  sale  of  lottery  products. 

3. To inform and educate players, retailers, legislative members, governmental
officials, and the public at large by providing and distributing
accurate and timely information about lottery operations.

4. To maximize staff potential and encourage excellence in the workplace.

5.  To  monitor  and  maintain  adequate  flexibility  in  operations,  policies, 
and  procedures  to  allow  timely  development  of  new  products,  ideas, 
and  management  techniques. 

This  chapter  provides  an  overview  of  Montana  Lottery  operations.  It 
describes the Lottery organization, funding, computer operations, instant games, Big
Spin Drawings and Big Spins.

LOTTERY  ORGANIZATION 

The Montana Lottery is assigned to the Department of Commerce for administrative
purposes only. The Lottery Commission, along with the Director of the
Lottery, supervises Lottery operations. The following chart displays the organizational
structure of the Lottery.


MONTANA LOTTERY

[Organization chart not reproduced]

Source: Montana Lottery

Lottery Commission

During  December  of  1986,  the  Governor  appointed  a  five-member  Lottery 
Commission  and  an  executive  director  to  oversee  the  operations  of  the  Montana 
Lottery.  According  to  section  23-5-1006,  MCA,  "At  least  one  commissioner  must 
have  5  years  of  experience  as  a  law  enforcement  officer.  At  least  one  commissioner 
must  be  an  attorney  admitted  to  the  practice  of  law  in  Montana.  At  least  one 
commissioner  must  be  a  certified  public  accountant  licensed  in  Montana."  The 
remaining  two  board  members  are  public  members.  Currently  one  position  is  held 
by  a  representative  of  the  general  public  and  the  other  is  vacant. 

The  Commission  must  meet  with  the  Director  at  least  once  every  three  months 
to  set  policies  and  supervise  the  activities  and  operations  of  the  Lottery. 


Lottery  Staff 

The  Director  of  the  Montana  Lottery  coordinates  the  three  main  divisions 
of  the  Lottery:  security  (3.5  FTE);  marketing  (14.5  FTE);  and  operations  (12  FTE). 
There  are  also  5  FTE  in  the  administration  function  of  the  Lottery.  Each  of  the  three 
main  divisions  is  headed  by  a  Director.  In  total  there  are  35  full-time  employees, 
including  marketing  representatives  serving  Bozeman,  Great  Falls,  Kalispell, 
Missoula,  Billings,  Miles  City,  Glasgow,  Helena,  and  Butte. 

SECURITY  OPERATIONS 

The  Lottery  security  division  is  staffed  by  a  director,  investigator,  electronic 
data  processing  (EDP)  auditor  and  a  half-time  licensing  clerk.  The  security  division 
is  responsible  for  monitoring  all  aspects  of  security  for  Lottery  operations.  This 
includes  performing  background  checks  for  all  prospective  Lottery  employees  and 
retailers,  issuing  licenses  to  retailers,  ensuring  the  security,  integrity  and  quality  of 
lottery  tickets,  and  directing  the  investigation  of  alleged  lottery  fraud.  The  security 
division  also  monitors  Big  Spin  Drawings  and  Big  Spins  to  ensure  they  are  conducted 
fairly  and  securely. 

FUNDING 

Lottery  operations  are  funded  through  the  sale  of  Lottery  instant  game  tickets. 
For  each  dollar  spent  on  a  ticket,  the  money  is  required  by  statute  to  be  distributed 
as  follows: 

-  as  near  as  possible  45%  of  the  money  must  be  paid  out  as  prize  money; 

-  up  to  15%  of  gross  revenue  may  be  used  for  operating  expense; 

-  no  more  than  5%  to  be  used  for  retail  commissions;  and 

-  all  gross  revenue  not  used  for  prizes,  commissions,  and  operating  expenses 
is  net  revenue  and  must  be  paid  quarterly  to  the  Superintendent  of  Public 
Instruction. 

For  the  first  full  fiscal  year  of  operations  the  Lottery  collected  21.8  million 
dollars  in  revenue.  All  revenue  not  used  for  the  payment  of  prizes,  commissions,  and 
operating  expenses  is  paid  quarterly  to  the  Montana  Office  of  Public  Instruction 
(OPI).  The  Office  of  Public  Instruction  recently  transferred  8.4  million  dollars  to 
Montana  counties  to  help  pay  for  local  school  district  employee  retirement  benefits. 
The  actual  Lottery  revenue  distributions  are  displayed  in  the  following  chart. 


MONTANA LOTTERY REVENUE DISTRIBUTIONS
FISCAL YEAR 1987-88

OPI                    $9.4 mil *
Prizes                 $9.8 mil
Operating Expenses     $3.2 mil
Retailer Commissions   $1.2 mil

* OPI figures include June 24 - June 30, 1987 and July 1, 1987 - June 30, 1988 (FY 1987-88)

Source: Compiled by the Office of the Legislative Auditor from Financial Compliance Contract Audit Figures

Illustration 2


COMPUTER  OPERATIONS 

The Montana Lottery purchased a Stratus minicomputer to perform data processing
operations. The system uses Instant Lottery Software (ILS) purchased from
Scientific Games, Inc. The Lottery also uses five microcomputers to assist Lottery
personnel in the administration of Lottery operations. There are four full-time
Lottery employees involved in computer operations, including a data security
administrator/EDP auditor.

The  Lottery  uses  the  ILS  to  verify  winning  tickets;  write  checks  to  winners; 
void  unused,  returned  or  stolen  tickets;  monitor  and  issue  inventory;  collect  payments 
from  retailers  using  Electronic  Funds  Transfer  (EFT);  and  collect  data  on  prize 
winners.  One  microcomputer  is  used  in  the  development  of  prize  structures  for  each 
instant  game. 

INSTANT GAMES

The  Montana  Lottery  started  operations  by  offering  instant  game  tickets  to 
Lottery  purchasers.  The  instant  game  allows  players  to  find  out  instantly  if  they  are 
winners  by  rubbing  a  latex  coating  off  of  a  ticket.  If  the  ticket  play  symbols  match 
up, line up, or add up, the player wins instantly.

Game  Design/Prize  Structure 

With  the  exception  of  the  first  three  Lottery  instant  games,  which  were 
designed  by  Scientific  Games,  Inc.,  all  games  are  designed  by  Lottery  staff.  Staff 
members  meet  periodically  to  discuss  game  strategies,  prize  structures  and  ticket 
specifications.  Once  this  information  is  put  together  it  is  sent  to  Scientific  Games, 
Inc.  where  working  papers  for  each  game  are  developed.  These  working  papers  are 
then  sent  back  to  the  Lottery  where  they  are  analyzed  and  reviewed  by  several 
Lottery  staff  members.  Several  draft  versions  of  working  papers  are  developed  and 
reviewed  before  a  final  game  design  and  prize  structure  is  executed. 

As  mentioned  above,  each  game  has  a  prize  structure.  The  Lottery  has  made 
the  decision  to  offer  two  games  simultaneously  to  the  public,  with  each  game  having 
a different prize structure. For example, one game will have a lower top prize (i.e.,
$100,  $500),  while  the  other  game  will  have  a  higher  top  prize  (i.e.,  $10,000, 
$15,000). 

Prize  structures  are  based  on  240,000  tickets  (a  pool).  Within  each  pool  the 
prize  structure  will  remain  constant,  with  the  total  low-tier  and  high-tier  prizes 
equaling  45  percent  of  the  total  sales  value  of  those  tickets.  The  following  is  an 
example  of  a  prize  structure  developed  for  a  recent  instant  game. 


INSTANT GAME PRIZE STRUCTURE

                         Guaranteed
                         Winners      Winners In   Winners In
Prize      Odds          In 500*      240,000      17 Pools

Ticket     1:8                62         29,760      505,920
$2         1:14               35         16,800      285,000
$3         1:83                6          2,800       48,690
$4         1:250               2            960       16,320
$9         1:500               1            480        8,160
$18        1:500               1            480        8,160
$50        1:5,581            --             43          731
$500       1:240,000          --              1           17
$5000      1:408,000          --             --           10

                             107         51,404      873,878

* A guaranteed Low-End Prize Structure (GLEPS) is used for
each pack of 500 tickets. Every pack of tickets in a given
game has the exact same dollar amount for low tier prizes
(prizes $25 or less).

Source: Montana Lottery

Illustration 3


Ticket  Delivery/Inventory 

All  instant  game  tickets  are  printed  by  Scientific  Games,  Inc.  in  Gilroy, 
California,  and  shipped  to  Lottery  headquarters  nonstop  via  semi-trailer.  When  the 
trailer  arrives  at  Lottery  headquarters,  the  Director  of  Security  inspects  the  trailer  for 
any  tampering.  Once  the  Director  of  Security  is  satisfied  the  trailer  has  not  been 
tampered  with,  the  seal  on  the  trailer  is  cut  and  the  trailer  opened.  The  contents  are 
then  inspected  by  the  warehouse  supervisor  for  any  damage.  The  trailer  is  then 
unloaded  and  the  tickets  moved  to  the  fenced  area  inside  the  warehouse. 

Once all the tickets are in the warehouse, a 100 percent inventory is conducted.
As part of the inventory process, a visual inspection of each pack of tickets
is performed. The packs are examined to ensure: the first ticket number is 000 and
the last is 499; the latex covering on the first page of tickets is free from scratches;
all the play symbols are covered by latex; all the elements on the first page of tickets
are in proper alignment; the general appearance of tickets is good; and the shrink-wrap
is free of tears. Any defective packs are recorded and pulled from inventory.
After the inventory is complete the tickets are separated into marketing representative
regions in the warehouse. Once the tickets are separated into regions, they
are ready for delivery to marketing representatives. At the start of a new instant
game  the  tickets  are  picked  up  by  marketing  representatives  or  delivered  by  Lottery 
staff.  However,  periodically  the  Lottery  uses  the  United  Parcel  Service  to  send 
tickets  to  retailers  in  a  region.  Normally  this  is  done  when  marketing  representatives 
are  on  vacation  and  a  retailer  needs  tickets  delivered. 

Retailers 

There  are  approximately  1,000  retailers  licensed  to  sell  lottery  tickets  in 
Montana.  Before  retailers  are  considered  for  a  license,  they  are  subject  to  a 
background investigation by the Lottery's security department. According to section
23-5-1019, MCA, "No person who has been convicted of a felony or a
gambling-related offense under federal law or the law of any state may be a commissioner,
director,  assistant  director,  employee  of  the  state  lottery,  or  licensed  ticket  or  chance 
sales  agent." 

The  cost  of  a  license  is  $50  which  is  used  to  cover  the  cost  of  investigating 
and  processing  the  application. 

End  of  Game  Inventory 

At  the  conclusion  of  each  instant  game,  all  unsold  tickets  are  returned  by 
retailers  to  marketing  representatives  in  each  region.  The  marketing  representatives 
are  then  responsible  for  returning  all  these  tickets  to  Lottery  headquarters.  Upon 
receipt  of  unsold  tickets  from  all  regions,  a  100  percent  inventory  is  performed,  and 
an  audit  of  tickets  is  conducted  by  the  Lottery's  internal  auditor. 

Ticket  Sales 

The  Lottery  is  currently  offering  its  eighth  and  ninth  instant  games  for  sale 
to  the  public.  Sales  figures  for  the  first  seven  instant  games  are  displayed  by  the 
following  chart.  Sales  figures  for  game  seven  are  not  complete. 


[Chart: LOTTERY INSTANT GAME SALES, by Game Number (Game 7 Figures Not Final)]



Note:  The  above  chart  lists  sales  by  game  and  does  not  accurately  represent  the 
actual  decrease  in  sales  over  time  because  the  Lottery  is  offering  two  games 
simultaneously. 

Source:  Compiled  by  the  Office  of  the  Legislative  Auditor  from  Lottery  records 

Illustration  #4 

BIG  SPIN  DRAWINGS  AND  BIG  SPINS 

If  Lottery  players  are  not  successful  in  winning  a  prize  in  an  instant  game, 
they  may  send  five  non-winning  tickets  to  the  Lottery  for  a  chance  to  participate  in 
the  Big  Spin.  All  Big  Spin  Drawings  and  Big  Spins  are  videotaped  and  witnessed  by 
an  independent  auditor  contracted  with  the  Office  of  the  Legislative  Auditor.  We 
reviewed the periodic reports produced by the contract auditor and found no
significant security concerns. Based upon these reports and on previous observations done
by  our  office,  it  appears  that  security  over  these  events  is  adequate. 

Big  Spin  Drawings 

Big  Spin  entries  are  mailed  to  the  Post  Office  in  Helena  where  they  are  picked 
up  by  Lottery  employees  on  a  daily  basis.  The  envelopes  are  then  stored  in  hampers, 
inside  a  locked,  fenced  area  inside  the  Lottery  warehouse.  Once  a  week,  usually  on 
Friday,  the  envelopes  are  prepared  for  the  Big  Spin  Drawing.  Envelopes  are  placed 
in a large garbage can lined with two large plastic bags; the bags are then filled until
they equal the weight of 3,000 envelopes. After the bags are filled they are removed
from  the  garbage  can,  sealed  with  evidence  tape  and  plastic  ties,  and  dated. 

The  Big  Spin  Drawings  are  held  every  Monday  at  Lottery  headquarters  in 
Helena.  Originally,  the  number  of  finalists  was  based  on  the  number  of  tickets  sold 
(one  finalist  for  every  120,000  tickets  sold).  However,  the  Lottery  has  recently 
decided  to  have  three  finalists  for  each  Big  Spin  regardless  of  ticket  sales. 

At  the  drawing  a  non-lottery  employee  will  select  three  envelopes  from  each 
of  the  plastic  bags.  These  envelopes  are  then  placed  into  a  large  drum  and  mixed 
thoroughly  prior  to  drawing  the  finalists.  Then  the  finalists'  envelopes  are  drawn 
one  at  a  time,  opened  and  checked  to  see  if  they  are  valid  entries.  A  valid  entry 
consists  of  five  non-winning  tickets  from  eligible  games,  tickets  from  only  one 
person,  and  a  means  to  identify  the  person  such  as  a  readable  name  and  address. 

Before  the  Big  Spin  finalists  are  notified  by  a  certified  letter,  a  validation 
check  is  conducted.  Numbers  from  the  non-winning  tickets  are  entered  into  the 
computer  to  ensure  the  tickets  are  valid  and  not  stolen. 

Big  Spins 

The  Montana  Lottery  has  awarded  over  six  million  dollars  in  prizes  to  Big 
Spin  winners.  The  current  Big  Spin  Wheel  has  100  slots  on  the  wheel  with  prizes 
ranging  from  $3,000  to  one  million  dollars.  The  prize  structure  on  the  wheel  has 
been  changed  twice  since  the  Big  Spin  was  initiated.  The  following  chart  displays  the 
changes  made  to  the  original  Big  Spin  Wheel  prize  structure. 


BIG SPIN WHEEL PRIZE STRUCTURE

      Original                First Change                Current
Prizes     # of Slots    Prizes     # of Slots    Prizes        # of Slots
Jackpot         2        Jackpot         2        $1 Million         1
$10,000        10        $25,000         3        $100,000           2
$5,000         10        $10,000        10        $50,000            3
$4,000         10        $5,000         10        $25,000            4
$3,000         10        $4,000         10        $10,000           20
$2,000         50        $3,000         10        $5,000            25
$1,000          8        $2,000         50        $4,000            35
                         $1,000          5        $3,000            10

Source: Compiled by the Office of the Legislative Auditor from Lottery records

Illustration  #5 

The current prize structure of the wheel is constant and the jackpot amount
does  not  increase  after  each  unsuccessful  spin.  The  jackpot  initially  increased 
$25,000  after  each  unsuccessful  spin,  and  then  $15,000  prior  to  the  most  recent 
change. 

Prior  to  contestants  spinning  the  wheel,  a  randomization  test  of  the  Big  Spin 
wheel  is  conducted  by  Lottery  personnel  to  determine  if  the  wheel  is  producing  prize 
amounts  in  a  random  manner.  Normally  six  test  spins  of  the  wheel  are  done; 
however, if the wheel is moved to a new location, Lottery personnel will conduct
one-hundred  test  spins.  Once  the  wheel  satisfies  the  randomness  test,  six  additional 
pre-test  spins  are  conducted  that  are  recorded  by  the  event  manager,  security  officer 
and  independent  auditor.  These  spins  ensure  the  wheel  is  producing  amounts  in  a 
random  manner. 

Once  the  Big  Spin  event  starts,  each  contestant  is  allowed  one  valid  spin.  In 
order  for  a  spin  to  be  valid,  the  wheel  must  make  two  complete  revolutions  and  the 
ball  must  remain  in  a  slot  for  five  seconds. 

At  the  conclusion  of  the  Big  Spin  event,  six  post-test  spins  of  the  wheel  are 
conducted.  These  spins  are  also  recorded  by  the  event  manager,  security  officer,  and 
independent  auditor. 

All  cash  prizes  of  $100,000  or  less  are  paid  in  full  (minus  taxes)  to  winners 
immediately  upon  completion  of  the  event.  Prizes  exceeding  $100,000  are  paid 
through  annuities  for  up  to  twenty  years  in  equal  installments. 

Alternate  Big  Spin  Method 

If  for  any  reason  the  Big  Spin  Wheel  is  damaged  or  functioning  improperly 
and  cannot  be  used,  an  alternate  method  is  available.  The  Lottery  has  assembled  film 
canisters  containing  the  slot  numbers  of  the  prize  amounts  on  the  Big  Spin  Wheel. 
If  the  alternate  method  must  be  used,  the  film  canisters  would  be  placed  in  a  large 
plastic  sack.  A  person  could  pick  a  film  canister  from  a  bag,  match  it  to  the 
corresponding  slot  on  the  wheel  and  receive  that  prize  amount.  The  Lottery  has  not 
had  to  rely  on  the  alternate  method  for  any  of  the  previous  Big  Spins. 

LEGISLATIVE  LIAISON  COMMITTEE 

In  January  of  1987,  a  Legislative  Liaison  Committee  was  established  to  report 
on  the  operations  of  the  Lottery.  According  to  section  23-5-1008,  MCA,  "The  liaison 
committee  consists  of  four  legislators.  Two  members  must  be  from  the  senate  and 
two  members  must  be  from  the  house  of  representatives.  The  speaker  of  the  house 
and  the  senate  committee  on  committees  shall  appoint  the  members  of  the  liaison 
committee,  and  no  more  than  two  members  may  be  of  the  same  political  party.  No 
legislator  who  has  any  ownership  in  any  gambling  device  or  establishment  may  be 
appointed  to  the  liaison  committee.  The  liaison  committee  shall  meet  once  each  fiscal 
year  with  the  commission  at  Helena  and  shall  report  to  the  legislature  on  the  activities 
and  operations  of  the  state  lottery." 

As  of  December  1988,  the  Legislative  Liaison  Committee  has  not  held  any 
meetings  with  the  Lottery  Commission. 

CHAPTER III
COMPUTER  SECURITY 

As  part  of  our  audit,  we  examined  security  controls  over  the  Lottery's 
computer  system.  Computer  security  controls  protect  assets  and  limit  losses  from 
three  types  of  basic  threats:  intentional  acts  such  as  fraud  and  sabotage;  disasters 
such  as  water  and  fire;  and  human  errors  and  omissions  such  as  data  entry  errors. 
During  our  audit,  we  noted  several  weaknesses  in  computer  security  controls.  These 
weaknesses  concern:  computer  security  reviews;  EDP  audit/data  security 
administrator  functions;  and  physical  and  environmental  controls. 

COMPUTER  SECURITY  REVIEWS 

Section  2-15-114,  MCA,  which  applies  to  all  state  agencies,  states:  "Each 
department  head  is  responsible  for  ensuring  an  adequate  level  of  security  for  all  data 
and  information  technology  resources  within  his  department  and  shall...  implement 
appropriate  cost-effective  safeguards  to  reduce,  eliminate,  or  recover  from  identified 
threats  to  data  and  information  technology  resources"  and  "ensure  internal  evaluations 
of the security program for data and information technology resources are
conducted."

Many  of  the  computer  security  weaknesses  detected  during  our  audit  could 
have  been  addressed  by  an  internal  security  evaluation  performed  by  the  Lottery. 
The  Lottery  reviewed  the  software  provided  from  Scientific  Games,  Inc.  to  determine 
if  it  functioned  properly;  however,  the  Lottery  has  not  performed  an  internal 
evaluation  of  data  and  information  technology  resources  security. 

In  order  to  improve  security  over  computer  operations,  we  believe  the  Lottery 
should  perform  an  internal  security  review. 

RECOMMENDATION  #1 

WE RECOMMEND THE LOTTERY PERFORM SECURITY REVIEWS
AS REQUIRED BY SECTION 2-15-114, MCA.

EDP  AUDIT/DATA  SECURITY  ADMINISTRATOR  FUNCTION 

The  EDP  audit  and  data  security  administrator  functions  are  a  very  important 
part  of  the  Lottery  operation.  Properly  organized  and  independent  of  computer 
operations,  the  EDP  audit  function  can  identify  and  strengthen  EDP  security  controls. 
The data security administrator is responsible for the implementation, modification,
monitoring and enforcement of data security. For the duration of our audit, one
person  held  a  combined  position  of  EDP  auditor/data  security  administrator.  The 
Lottery  could  improve  EDP  auditor  independence  and  data  security  administrator 
documentation. 

EDP  Auditor  Independence 

The  EDP  auditor  position  is  currently  not  an  internal  audit  function  as 
intended  by  the  job  description  for  that  position.  The  EDP  auditor  performs 
operational  duties  which  are  not  consistent  with  auditor  responsibilities.  The  EDP 
auditor  is  currently  involved  in  routine  computer  operations  such  as  establishing  game 
files,  loading  inventory  and  winner  tapes,  and  grouping  lottery  ticket  claim  forms  for 
entry  into  the  computer.  The  EDP  auditor  also  performs  data  security  administrator 
duties  such  as  hardware  maintenance  and  establishing  passwords  and  computer 
security  levels.  By  creating  and  extensively  working  with  data  directly  related  to  his 
audit  work,  the  EDP  auditor  is  placed  in  a  position  which  would  require  him  to  audit 
his  own  work.  This  impairs  his  independence  and  his  ability  to  objectively  perform 
future  audit  work. 

According  to  the  Standards  for  the  Professional  Practice  of  Internal  Auditing, 
"internal  auditors  should  be  independent  of  the  activities  they  audit."  The  standards 
also  state,  "internal  auditors  should  not  assume  operating  responsibilities.  But  if  on 
occasion  management  directs  internal  auditors  to  perform  nonaudit  work,  it  should 
be understood that they are not functioning as internal auditors. Moreover,
objectivity is presumed to be impaired when internal auditors audit any activity for which
they  had  authority  or  responsibility.  This  impairment  should  be  considered  when 
reporting  audit  results." 

In  order  to  perform  his  auditing  duties  in  an  independent  manner,  we  believe 
the Lottery should remove the EDP auditor from job duties affecting his
independence. Computer operation duties can be performed by the data processing
employees  and  system  administrator  duties  can  be  performed  by  an  existing  employee 
in  the  operations  division. 

RECOMMENDATION  #2 

WE RECOMMEND THE LOTTERY REMOVE THE EDP AUDITOR
FROM PERFORMING DUTIES AFFECTING INDEPENDENCE.

Data Security Administrator

The  data  security  administrator  has  access  to  special  computer  functions 
which  establish  file  access  rights  for  each  Lottery  employee.  File  access  rights  allow 
employees  to  read,  update,  delete,  add  files  and  use  certain  programs.  The  data 
security  administrator  is  deciding  who  obtains  file  access  and  is  also  entering  file  and 
program  access  rights  into  the  computer.  We  found  little  documentation  to  support 
the  reasons  why  people  were  given  their  access  rights.  Management  was  not  informed 
of  and  did  not  authorize  any  access  changes. 

Management  should  maintain  some  control  over  establishment  of  or  changes 
to  access  rights.  Without  management's  involvement,  the  potential  exists  for  the  data 
security administrator to make unauthorized changes to file access rights.
Management for the data processing area could authorize and monitor establishment and
changes  to  access  rights. 

In  order  to  properly  control  the  data  security  administrator  function,  we 
believe  the  data  security  administrator  should  document  file  access  rights  to  allow 
review  by  management.  We  also  believe  data  processing  management  should  monitor 
and  authorize  these  access  rights  independent  of  the  data  security  administrator. 

RECOMMENDATION  #3 

WE  RECOMMEND  THE  LOTTERY  REQUIRE: 

A.  DATA  PROCESSING  MANAGEMENT  INDEPENDENTLY 
AUTHORIZE  AND  MONITOR  CHANGES  TO  ACCESS  RIGHTS; 
AND, 

B.  THE  DATA  SECURITY  ADMINISTRATOR  DOCUMENT  ACCESS 
RIGHTS  TO  ALLOW  MANAGEMENT  REVIEW. 


PHYSICAL  AND  ENVIRONMENTAL  CONTROLS 

Physical  and  environmental  controls  protect  hardware  and  software  from 
theft,  accidental  destruction,  power  fluctuations,  heat,  water,  dirt  and  other 
exposures.  Weaknesses  in  environmental  controls  unnecessarily  expose  the  Lottery 
to  risk  of  interruption  of  operations.  We  identified  several  areas  where  the  Lottery 
needs  to  improve  physical  and  environmental  controls. 

Water  Pipes 

During  our  observations  we  noted  a  sink  and  water  pipe  are  located  directly 
above  the  computer  room.  We  also  noted  a  water  pipe  is  located  in  the  backup  power 
supply room which houses the Card Access System. This system monitors access to
areas  inside  the  Lottery  building. 

The location of the sink and water pipes makes Lottery operations vulnerable
to  disruption.  If  the  water  pipes  were  to  break,  damage  could  result  to  the  computer 
system  and  Card  Access  System.  This  would  cause  operational  disruption,  loss  of  data 
and  assets,  and  potential  loss  of  revenue. 

In  order  to  minimize  the  possibility  of  considerable  damage  to  the  computer 
system,  we  believe  the  Lottery  should  eliminate  the  flow  of  water  to  the  loft  area 
above  the  computer  room.  Lottery  officials  stated  eliminating  the  flow  of  water  in 
the  Backup  Power  Supply  room  may  not  be  possible.  In  any  case,  the  Card  Access 
System  should  be  protected  from  potential  water  damage.  The  cost  to  implement  our 
recommendations  is  minimal. 

RECOMMENDATION  #4 

WE  RECOMMEND  THE  LOTTERY: 

A.  ELIMINATE  THE  FLOW  OF  WATER  TO  THE  LOFT  ABOVE  THE 
COMPUTER  ROOM;  AND, 

B.  PROTECT  THE  CARD  ACCESS  SYSTEM  FROM  POTENTIAL 
WATER  DAMAGE. 


Backup  and  Disaster  Recovery 

Backup  and  recovery  planning  consists  of  those  activities  undertaken  in 
anticipation  of  potential  disastrous  events.  Although  the  Lottery  does  store  backup 
data  offsite,  it  does  not  have  a  formal,  tested  backup  and  recovery  plan  or  an 
alternate  site  agreement.  A  major  disruption  in  computer  operations  could  adversely 
affect Lottery operations resulting in loss of data, assets or revenue.

Backup  and  recovery  capabilities  should  be  sufficient  to  restore  files  and 
applications  when  loss  or  damage  to  data  occurs.  Adequate  backup  and  recovery 
plans  should  also  include  an  alternate  site  or  equipment  replacement  agreement.  Such 
an  agreement  would  provide  backup  equipment  options  for  the  Stratus  computer 
system.  Presently,  the  Lottery  does  not  have  a  formal  agreement  for  backup  Stratus 
resources. 

We  believe  the  Lottery  should  develop  a  formal,  tested  backup  and  disaster 
recovery  plan  that  includes  backup  equipment  options.  The  Lottery  may  need  to 
negotiate  with  other  state  lotteries  or  Stratus  to  establish  alternate  site  or  equipment 
replacement  agreements. 

RECOMMENDATION #5

WE  RECOMMEND  THE  LOTTERY  DEVELOP  A  FORMAL,  TESTED 
BACKUP  AND  RECOVERY  PLAN  THAT  INCLUDES  AN 
ALTERNATE  SITE  OR  EQUIPMENT  REPLACEMENT  AGREEMENT. 

Tape  Storage/Delivery 

Throughout  our  audit,  we  observed  the  daily  storage  and  delivery  of  computer 
tapes  containing  sensitive  Lottery  information.  We  found  many  tapes  are  stored 
horizontally  and  during  delivery  are  transported  without  protective  coverings. 

Exposing  tapes  to  physical  and  environmental  dangers  could  destroy  data 
contained  on  the  tapes.  Horizontally  stacked  tapes  can  cause  curling  of  tape  edges, 
resulting  in  potential  read  errors  and  loss  of  data.  Transportation  of  computer  tapes 
without  protective  coverings  exposes  tapes  to  extreme  temperature,  dirt,  dust  and 
other environmental dangers. Any one of these exposures could cause tape
destruction and loss of data resulting in disruption of lottery operations.

In  order  to  protect  computer  tapes  from  destruction  and  loss  of  data,  the 
Lottery  should  store  all  computer  tapes  vertically  and  transport  tapes  with  protective 
coverings. 

RECOMMENDATION  #6 

WE  RECOMMEND  THE  LOTTERY: 

A.  STORE  ALL  COMPUTER  TAPES  VERTICALLY;  AND, 

B.  PURCHASE  TAPE  CASES  FOR  TRANSPORTING  COMPUTER 
TAPES. 

CHAPTER IV
BUILDING SECURITY

As  part  of  our  audit  we  reviewed  the  security  over  the  Lottery  building  in 
Helena  to  determine  if  any  deficiencies  exist.  It  is  important  that  sound  procedures 
be  established  for  all  aspects  of  security  to  enhance  the  integrity  of  lottery  operations. 
This  chapter  outlines  improvements  which  can  be  made  in  the  overall  security  of  the 
Lottery  building.  These  improvements  concern  the  Card  Access  System,  key  control 
and  other  related  building  security  issues. 

CARD  ACCESS  SYSTEM 

The  Lottery  has  installed  a  Card  Access  System  which  monitors  access  to  areas 
inside  the  Lottery  building.  Employees  are  issued  pre-programmed  cards  that  allow 
them  access  to  certain  areas  of  the  building.  Access  is  controlled  by  allowing 
employees  to  enter  and  exit  doors  that  are  programmed  into  their  card.  Currently  the 
system  can  record  who  enters  and  exits  the  second  main  door  of  the  Lottery  building, 
who  enters  and  exits  the  computer  room  area  and  computer  room,  and  who  enters  the 
warehouse.  In  total  the  system  can  monitor  the  access  of  eight  doors.  All  access  is 
recorded  on  a  printout. 

During  our  security  review  at  the  Lottery  we  identified  several  areas  where 
the  Lottery  could  improve  the  Card  Access  System.  These  areas  include  evaluating 
time  zones  and  access  levels  for  employees,  reviewing  card  access  printouts  and  the 
Card  Access  System  alarm. 

Time  Zones  and  Access  Levels 

The  Card  Access  System  allows  Lottery  employees  to  have  access  in  several 
different  time  zones  and  building  areas.  Eight  time  zones  exist,  ranging  from  24  hour 
access  seven  days  per  week  to  three  hour  access  two  nights  per  week.  Six  access 
levels  exist,  ranging  from  access  to  all  areas  of  the  Lottery  building  to  entry  into  the 
main  office  area  only.  Excluding  directors  and  security  personnel,  we  found  that 
seven  employees  have  24  hour  access  to  the  Lottery  building  which  may  not  be 
needed. 

Through  an  analysis  of  the  card  access  printout  for  the  last  six  months,  we 
found  that  no  access  was  needed  between  the  hours  of  midnight  and  6:00  a.m.  The 
current  time  zones  built  into  the  system  appear  excessive.  Liberal  time  zones 
decrease  building  security.    Also,  if  the  cards  were  lost  or  stolen,  the  liberal  time 
zones increase the chance of unauthorized access to the lottery building and
warehouse. 

The  Lottery  does  not  have  written  policies  and  procedures  explaining  the 
criteria  for  developing  employee  access  levels  and  time  zones.  Also,  no  re-evaluation 
of  existing  access  levels  and  time  zones  has  been  completed  by  security  personnel. 

RECOMMENDATION  #7 

WE  RECOMMEND  THE  LOTTERY: 

A.  FORMALIZE  POLICIES  AND  PROCEDURES  EXPLAINING 
THE  CRITERIA  FOR  EMPLOYEE  ACCESS  LEVELS  AND 
TIME  ZONES;  AND, 

B.  STRUCTURE  THE  TIME  ZONES  TO  REFLECT  SECURITY 
NEEDS. 


Reviewing  the  Card  Access  Printout 

The  Card  Access  System  produces  a  printout  of  access  activity  24  hours  a  day 
seven  days  per  week.  Examples  of  access  activity  recorded  by  the  Card  Access 
System  include:  forced  door  entry;  attempted  entry  with  a  non-programmed  card; 
and  all  entries  and  exits  to  and  from  the  building  with  properly  programmed  cards. 
The  day,  date,  time  and  card  number  are  also  recorded  on  the  printout. 

Security  personnel  at  the  Lottery  currently  do  not  review  the  Card  Access 
printout  on  a  daily  basis.  By  not  reviewing  the  printout  daily,  security  personnel  do 
not  monitor  who  is  entering  and  exiting  different  areas  of  the  Lottery  building  and 
are  not  following  up  on  potential  problems  on  a  timely  basis. 

In  order  to  better  monitor  access  in  and  out  of  the  building,  we  believe 
security  personnel  should  review  the  printout  on  a  daily  basis.  Any  questionable 
access  is  then  brought  to  the  attention  of  security  personnel  on  a  timely  basis. 

RECOMMENDATION  #8 

WE RECOMMEND THE LOTTERY REQUIRE THE SECURITY
STAFF TO REVIEW THE CARD ACCESS PRINTOUT ON A DAILY
BASIS.
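
The daily review described above, together with the time zone finding (no access needed between midnight and 6:00 a.m.), can be expressed as a short script over an exported copy of the printout. This is an added example, not part of the audit report or of the Card Access System; the line layout, event names, door names and card numbers are constructed assumptions.

```python
"""Daily review of a card access printout (constructed sample format)."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

# Window the audit's six-month analysis found unused: midnight to 6:00 a.m.
OFF_HOURS_START = time(0, 0)
OFF_HOURS_END = time(6, 0)

# Assumed event names for the activity types the report lists:
# entries/exits with programmed cards, non-programmed card attempts, forced doors.
KNOWN_EVENTS = {"ENTRY", "EXIT", "DENIED", "FORCED"}

# Constructed sample. Assumed layout: day date time card door event.
# "----" stands for "no card presented" (forced door).
SAMPLE_PRINTOUT = """\
MON 1988-11-14 07:58:12 0041 MAIN-2 ENTRY
MON 1988-11-14 08:03:40 0041 COMPUTER-ROOM ENTRY
MON 1988-11-14 12:01:05 0041 COMPUTER-ROOM EXIT
MON 1988-11-14 17:32:10 0099 WAREHOUSE DENIED
MON 1988-11-14 23:10:44 0017 MAIN-2 ENTRY
TUE 1988-11-15 02:14:09 0017 WAREHOUSE ENTRY
TUE 1988-11-15 02:40:51 ---- WAREHOUSE FORCED
this line is damaged
"""


@dataclass(frozen=True)
class AccessEvent:
    when: datetime
    card: Optional[str]  # None when no card was presented
    door: str
    event: str


def parse_printout(text):
    """Return (events, rejected_lines).

    Lines that do not parse are returned rather than dropped, so the
    reviewer can follow up on gaps in the record.
    """
    events, rejected = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        try:
            _day, date_s, time_s, card, door, event = raw.split()
            when = datetime.strptime(f"{date_s} {time_s}", "%Y-%m-%d %H:%M:%S")
            if event not in KNOWN_EVENTS:
                raise ValueError(f"unknown event {event!r}")
        except ValueError:
            rejected.append(raw)
            continue
        events.append(AccessEvent(when, None if card == "----" else card, door, event))
    return events, rejected


def is_off_hours(when):
    """True when the timestamp falls between midnight and 6:00 a.m."""
    return OFF_HOURS_START <= when.time() < OFF_HOURS_END


def review(events):
    """Return (rule, event) pairs that need follow-up by security staff."""
    findings = []
    for ev in events:
        if ev.event == "FORCED":
            findings.append(("FORCED_DOOR", ev))
        elif ev.event == "DENIED":
            findings.append(("NON_PROGRAMMED_CARD", ev))
        elif is_off_hours(ev.when):
            findings.append(("OFF_HOURS_ACCESS", ev))
    return findings


def unused_24h_cards(events, cards_with_24h_zone):
    """Cards holding a 24-hour time zone with no off-hours use in the period.

    These are candidates for a narrower time zone when access is re-evaluated.
    """
    used = {
        ev.card
        for ev in events
        if ev.card and ev.event in ("ENTRY", "EXIT") and is_off_hours(ev.when)
    }
    return sorted(set(cards_with_24h_zone) - used)


if __name__ == "__main__":
    parsed, bad = parse_printout(SAMPLE_PRINTOUT)
    for rule, ev in review(parsed):
        print(f"{rule:20} {ev.when:%a %Y-%m-%d %H:%M:%S} card={ev.card} door={ev.door}")
    for line in bad:
        print(f"UNREADABLE LINE      {line!r}")
    # Constructed assumption: cards 0017 and 0041 hold the 24-hour time zone.
    print("24-hour cards with no off-hours use:", unused_24h_cards(parsed, {"0017", "0041"}))
```
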

Card Access System Alarm

The  Card  Access  System  has  an  alarm  system  which  consists  of  a  buzzer  inside 
the  computer  console.  When  a  problem  occurs,  such  as  a  forced  door  or  a  denied 
card,  the  alarm  will  sound. 

Because  the  computer  console  is  located  in  the  backup  power  supply  room  in 
the  warehouse,  the  alarm  cannot  be  heard  by  security  personnel  in  the  office  area. 
A  delay  in  response  time  to  the  alarm  by  security  personnel  could  occur. 

We  believe  the  Lottery  should  move  the  Card  Access  System  alarm  to  an  area 
where security personnel could immediately hear it. If a security breach occurs,
Lottery officials could immediately investigate, thus improving building security.

RECOMMENDATION  #9 

WE  RECOMMEND  THE  LOTTERY  MOVE  THE  CARD  ACCESS 
SYSTEM  ALARM  TO  AN  AREA  WHERE  IT  CAN  BE  DETECTED  BY 
SECURITY  PERSONNEL. 


KEY  CONTROL 

At  the  present  time  the  Montana  Lottery  does  not  have  any  policies  or 
procedures  for  key  control.  The  Lottery  also  does  not  keep  detailed  records  for  key 
issuance  and  return. 

Failure  to  have  key  issuance  and  recovery  procedures  and  adequate  records 
could  result  in  loss,  misplacement  or  non-return  of  keys.  If  such  situations  were  to 
occur  regularly,  the  public's  confidence  in  Lottery  operations  could  be  damaged. 
Effective  policies  and  procedures  would  provide  the  Lottery  with  guidelines  for 
issuing  and  recovering  keys.  Once  policies  and  procedures  are  established,  a  detailed 
record  of  keys  should  be  kept.  The  detailed  record  should  include:  the  name  of  the 
key  holder;  the  person  authorizing  issuance;  the  areas  of  key  access;  key  identification 
number;  date  of  issue;  and  date  of  return.  We  believe  procedures  and  records  of  key 
issuances  will  improve  security  over  the  Lottery  building. 

RECOMMENDATION  #10 

WE  RECOMMEND  THE  LOTTERY: 

A. ESTABLISH POLICIES AND PROCEDURES FOR ISSUANCE
AND  CONTROL  OVER  KEYS;  AND, 

B.  MAINTAIN  A  DETAILED  RECORD  OF  KEY  ISSUANCES. 

BACKUP POWER SUPPLY ROOM

The  Lottery  has  a  room  in  the  warehouse  that  contains  several  components 
crucial  to  Lottery  operations.  The  room  stores  the  backup  power  supply  system  to 
the  computer  system,  Card  Access  System,  phone  system  and  alarm  system.  On 
several  occasions  during  our  observations  of  warehouse  security  we  noted  the  room 
was  not  locked.  Having  access  to  this  room,  an  intruder  could  cause  extensive 
damage  to  Lottery  operations. 

In  order  to  protect  against  unauthorized  accesses  to  the  room  by  Lottery 
employees  or  intruders,  the  room  should  be  kept  locked  at  all  times. 

RECOMMENDATION #11

WE RECOMMEND THE LOTTERY KEEP THE BACKUP POWER
SUPPLY ROOM LOCKED AT ALL TIMES.

CHAPTER V
OTHER  SECURITY/MANAGEMENT  CONTROLS 

During  our  audit  we  evaluated  other  security  and  management  controls 
relating  to  Lottery  operations.  Although  the  Lottery  has  made  significant  strides  in 
the  development  of  security  and  management  controls  we  identified  areas  for 
improvement.  We  found  the  Lottery  needs  to  update  its  overall  policies  and 
procedures  manual,  develop  security  policies  and  procedures,  perform  background 
checks  on  contracted  employees,  update  position  descriptions  and  job  duties,  and 
establish  a  formal  employee  performance  appraisal  system. 

OVERALL  POLICIES  AND  PROCEDURES 

During  our  audit  of  security  at  the  Montana  Lottery,  we  reviewed  the 
adequacy  of  Lottery  policies  and  procedures.  We  found  the  Lottery  does  not  have 
policies  and  procedures  for  computer  operations  or  updated  policies  and  procedures 
for  its  overall  operation.  Operational  priorities  have  outweighed  the  development  of 
formal  policies  and  procedures. 

At the start of Lottery operations, Scientific Games, Inc. supplied the Lottery
with  a  policies  and  procedures  manual.  As  Lottery  operations  progressed,  procedures 
started  to  vary  from  the  original  manual.  Consequently,  many  parts  of  the  manual 
do  not  reflect  current  Lottery  operations.   The  following  are  some  examples: 

Computer  Policies  and  Procedures  -  the  original  manual  does  not  provide  the 
Lottery  with  any  policies  and  procedures  for  computer  operations.  Section 
2-15-114,  MCA,  requires  departments  for  data  and  information  technology 
resources  to  "develop  and  maintain  written  internal  policies  and  procedures 
to  assure  security  of  data  and  information  technology  resources." 

Ticket  Delivery  -  the  original  manual  states  "if  the  truck  cannot  be  backed 
into  the  warehouse,  the  area  surrounding  the  truck  will  be  roped  off  and 
access  will  be  restricted  to  authorized  personnel  only."  Since  the  Lottery  has 
gates  surrounding  the  warehouse  the  manual  should  state  the  gates  should  be 
closed  and  locked  during  ticket  delivery. 

Guaranteed  Low  End  Prize  Structure  Test  (GLEPS)  -  during  our  audit  we 
noted  that  the  test  for  the  GLEPS  is  not  performed  in  accordance  with  the 
policy  in  the  original  manual.  The  manual  states  "during  the  inventory 
process, Security or the warehouse supervisor will remove 10 packs (selected
at  random  by  the  Director  of  Security)  for  detailed  inspection  of  each  ticket. 
A  security  person  will  perform  the  inspection."  The  Lottery  is  currently 
selecting  one  pack  of  tickets  for  inspection  and  the  inspection  is  being 
performed by the internal auditor.

We believe adequate policies and procedures aid employees in the performance
of their duties and provide assurance that overall Lottery operations are
performed  properly  and  consistently. 

RECOMMENDATION  #12 

WE RECOMMEND THE LOTTERY UPDATE AND FOLLOW THE
PRESENT POLICIES AND PROCEDURES MANUAL FOR LOTTERY
OPERATIONS.


SECURITY  POLICIES  AND  PROCEDURES 

The  Lottery  does  not  have  formal  security  policies  and  procedures  as  part  of 
its  overall  manual.  During  our  audit  we  identified  a  number  of  areas  that  could  be 
covered  in  a  security  policies  and  procedures  manual.  The  following  describes  some 
areas  where  the  Lottery  should  develop  or  update  security  related  policies  and 
procedures. 


Ticket  Disposal  -  at  the  present  time  the  Lottery  does  not  have  a  formal 
policy  for  the  disposal  of  instant  game  tickets  and  Big  Spin  entries.  Some 
instant  game  tickets  have  been  shredded  and  others  sent  back  to  Scientific 
Games,  Inc.  in  Gilroy  for  disposal.  The  security  of  the  Lottery  may  be 
compromised  if  tickets  are  not  properly  destroyed.  Formal  policies  would 
ensure  tickets  are  properly  and  consistently  destroyed. 

Dual  Security  -  dual  security  is  a  security  practice  which  requires  the 
presence  of  two  Lottery  employees  during  significant  Lottery  operations.  We 
noted  dual  security  was  broken  several  times  during  Lottery  operations.  We 
observed  during  mail  pick-up  that  dual  security  was  broken  when  Lottery 
employees entered the postal area to pick up Big Spin envelopes. Also each
team  picking  up  the  mail  performed  the  pick-up  differently.  Several  times 
during  the  audit  we  observed  a  Lottery  employee  inside  the  fenced  area  of  the 
warehouse  when  no  other  Lottery  employee  was  present.  Formal  policies 
should  ensure  that  dual  security  exists  at  the  proper  times  and  that  duties  are 
performed  consistently. 

Retailer  Signatures  -  during  our  visits  with  marketing  representatives  and 
review  of  retailer  invoices,  we  noted  marketing  representatives  are  allowing 
unauthorized  retailer  employees  to  sign  for  lottery  tickets.  If  the  Lottery  is 
going  to  allow  unauthorized  signatures,  a  formal  policy  should  be  developed 
explaining  the  process  and  information  required  before  tickets  are  released. 

Alarm  Codes  -  on  several  occasions  Lottery  employees  were  unable  to  turn 
the  alarm  system  off  when  necessary.  Training  and  procedures  will  provide 
employees  with  direction  when  entering  codes  to  turn  the  alarm  system  off. 
They  will  also  provide  direction  to  employees  if  problems  arise  when  entering 
codes.

Alarm Documentation - when an alarm goes off at the Lottery, no documentation
is kept on the reason the alarm was set off and what follow-up was
done  by  the  security  staff.  A  formal  policy  would  help  ensure  that  all  alarm 
incidents  are  documented  and  followed  up  as  necessary. 

Receptionist  -  we  noted  that  on  several  occasions  a  receptionist  was  not  at  the 
front  desk  during  working  hours.  Having  someone  at  the  front  desk  helps 
control  who  is  entering  and  exiting  the  building.  Alternative  controls  need 
to  be  developed  if  no  one  is  able  to  be  at  the  front  desk  during  normal 
working  hours. 

After  Hours  Check  -  at  the  present  time  security  personnel  do  not  check  the 
Lottery  building  for  unauthorized  personnel  at  the  end  of  each  business  day. 
A  formal  policy  should  be  developed  for  after  hours  checks  to  ensure  no 
unauthorized  personnel  are  left  in  the  building. 

Warehouse  Door  and  Front  Gates  -  on  several  occasions  during  our  audit  we 
noticed  that  the  warehouse  door  was  open  during  working  hours  without  the 
front  gates  being  closed  and  locked.  We  also  noticed  that  these  gates  are  not 
locked at night. A formal policy specifying when the front gates and the
warehouse door will be opened and closed would improve security over
Lottery  operations. 

Bagging  of  Big  Spin  Mail  -  the  Lottery  does  not  have  updated  policies  and 
procedures  for  bagging  Big  Spin  mail  for  the  Big  Spin  Drawing.  Updated 
policies  would  ensure  dual  security  exists  at  all  times  and  that  the  bagging 
process  is  performed  properly  and  consistently. 

We  believe  a  security  policies  and  procedures  manual  will  ensure  Lottery 
employees  are  performing  duties  properly  and  consistently.  It  could  also  serve  as  the 
basis for the Lottery's own on-site security reviews. Finally, sound security policies
will  maintain  the  public's  confidence  in  the  Lottery. 


RECOMMENDATION  #13 

WE  RECOMMEND  THE  LOTTERY  DEVELOP  A  SECURITY  POLICIES 
AND  PROCEDURES  SECTION  TO  BE  INCLUDED  IN  THE  OVERALL 
POLICIES  AND  PROCEDURES  MANUAL. 


EMPLOYEE/RETAILER  BACKGROUND  CHECKS 

An  integral  part  of  the  Security  division's  operation  is  to  conduct  background 
checks  on  employees  and  retailers.  During  our  audit  we  reviewed  the  adequacy  of 
employee/retailer  background  checks.  We  noted  that  the  Lottery  does  not  have  any 
formal  written  policies  and  procedures  for  conducting  employee/retailer  background 
checks.  During  our  review  of  retailer  files  we  noted  some  files  did  not  contain  credit 
reports and others did not contain a set of classified fingerprints.

The lack of formal written policies and procedures may cause the Lottery to
miss  or  not  inquire  about  important  information  needed  for  employee/retailer 
background  checks.  We  believe  formal  policies  and  procedures  will  assure  proper  and 
consistent  background  information  is  obtained  for  Lottery  employees  and  retailers. 

We  also  noted  that  a  background  check  was  not  completed  on  the  janitorial 
firm  contracted  by  the  Lottery.  While  we  realize  that  janitors  have  access  to  the 
main  office  area  only,  they  are  in  a  position  to  gain  unauthorized  access  in  other 
areas.  We  believe  the  Lottery  should  conduct  a  full  background  investigation  on  the 
janitorial  firm. 

RECOMMENDATION  #14 

WE  RECOMMEND  THE  LOTTERY: 

A. DEVELOP POLICIES AND PROCEDURES FOR
EMPLOYEE/RETAILER BACKGROUND CHECKS; AND,

B.  CONDUCT  A  BACKGROUND  CHECK  ON  THE  JANITORIAL 
FIRM  EMPLOYED  BY  THE  LOTTERY. 


POSITION  DESCRIPTIONS  AND  JOB  DUTIES 

As  part  of  our  audit  we  examined  position  descriptions  for  Lottery  staff  and 
observed  the  performance  of  their  duties.  We  noted  several  Lottery  employees  are 
performing  duties  inconsistent  with  their  job  descriptions.  The  following  lists  some 
examples  of  duties  Lottery  employees  are  performing  that  are  not  listed  in  their 
position  descriptions: 

the  Investigator  is  involved  in  mail  pick-up,  ticket  delivery  and 
disposal  and  other  warehouse  duties; 

the Stock Clerk II is involved in mail pick-up and delivery,
researching lost tickets, and issuing and logging Instabucks;

the  Inventory  Control  Technician  II  is  involved  in  mail  pick-up  and 
delivery  and  writing  warehouse  policies  and  procedures;  and, 

the  Internal  Auditor  is  a  back-up  to  Tel-Sell  operations. 

Position  descriptions  should  include  all  the  duties  an  employee  is  required  to 
perform.  We  believe  the  Lottery  should  update  position  descriptions  to  adequately 
describe the duties being performed by its employees.

RECOMMENDATION #15

WE  RECOMMEND  THE  LOTTERY  UPDATE  POSITION 
DESCRIPTIONS  TO  ACCURATELY  DESCRIBE  DUTIES  PERFORMED 
BY  EMPLOYEES. 


PERFORMANCE  APPRAISALS 

Performance  appraisals  are  a  tool  used  by  management  to  measure  employee 
performance.  Appraisals  also  provide  employees  with  job  objectives  which  aid  them 
in  the  performance  of  their  duties.  During  our  audit  we  noted  performance 
appraisals  have  not  been  completed  for  any  Lottery  employees  since  the  Lottery's 
inception.   Job  objectives  and  standards  are  still  in  the  drafting  process. 

According  to  the  Department  of  Administration's  Performance  Appraisal 
Policy  listed  in  Montana  Operations  Manual  section  3-0115,  "the  performance  of  each 
full-time  and  part-time  employee  in  a  permanent  position  ...  who  has  completed  a 
probationary  period  shall  be  appraised  during  established  appraisal  periods  of  not 
more  than  one  year's  duration.  The  rating  of  performance  shall  take  place  no  more 
than  sixty  calendar  days  after  the  close  of  the  appraisal  period."  We  believe  the 
Lottery  should  implement  a  formal  employee  performance  appraisal  system. 

RECOMMENDATION  #16 

WE RECOMMEND THE LOTTERY IMPLEMENT A FORMAL
EMPLOYEE PERFORMANCE APPRAISAL SYSTEM.

WORKING  PAPER  DOCUMENTATION 

During  our  audit  we  reviewed  working  papers  and  several  reports  prepared 
by  the  internal  audit  function  of  the  Montana  Lottery.  Our  review  showed  there  was 
inadequate  documentation  of  the  audit  work  done  to  adequately  support  the  reports 
issued. 

Without  adequate  documentation  in  the  form  of  audit  plans,  programs  and 
working  papers,  it  is  difficult  for  management  to  review  the  work  done  by  the 
internal  audit  staff.  Also,  external  auditors  are  unable  to  rely  on  the  work  performed 
by  the  internal  audit  function. 

According  to  government  auditing  standards,  "sufficient,  competent,  and 
relevant  evidence  is  to  be  obtained  to  afford  a  reasonable  basis  for  the  auditor's 
judgments and conclusions regarding the organization, program, activity, or function
under audit. A record of the auditor's work is to be retained in the form of working
papers." 

RECOMMENDATION  #17 

WE  RECOMMEND  THE  LOTTERY  INTERNAL  AUDITOR 
MAINTAIN  BETTER  DOCUMENTATION  IN  THE  FORM  OF  PLANS, 
PROGRAMS,  AND  WORKING  PAPERS. 

SPECIAL  PROMOTIONS 

The  Instabuck  program  is  an  ongoing  special  promotion  program  involving  the 
use  of  coupons.  Each  coupon  has  the  value  of  one  dollar  and  can  be  redeemed  for 
one  Lottery  instant  game  ticket.  Instabucks  are  issued  to  retailers,  retailer  employees 
and  members  of  the  public  during  promotional  or  special  events  sponsored  by  the 
Lottery.  The  Instabucks  can  be  redeemed  at  any  retail  outlet  selling  lottery  tickets. 
Once  retailers  exchange  Instabucks  for  Lottery  tickets,  a  hole  is  punched  in  the 
Instabuck  coupons.  The  coupons  are  then  returned  to  Lottery  headquarters  where  the 
retailers  receive  a  credit  on  their  lottery  account. 

The  Instabucks  were  printed  in  Missoula  and  500,000  were  transported  to 
Lottery  headquarters  by  Lottery  personnel.  The  Instabucks  arrived  in  packs  of  five 
hundred  and  were  not  inventoried.  Several  months  passed  before  the  Lottery  had  an 
accurate  inventory  of  Instabucks.  Even  though  the  coupons  were  stored  in  the 
locked,  fenced  area  of  the  warehouse,  the  coupons  could  have  been  lost,  misplaced 
or  stolen  because  an  accurate  inventory  was  not  completed  immediately  upon  receipt 
of  the  coupons. 

The  issuance  of  Instabucks  also  poses  a  concern.  At  the  present  time 
Instabucks  can  only  be  accounted  for  in  large  quantities.  According  to  policies 
developed  for  the  issuance  of  Instabucks,  "when  distributing  Instabucks  in  a  quantity 
to  an  individual  or  for  an  event,  the  person  distributing  the  Instabucks  should  obtain 
a  signature  from  the  manager  or  manager's  designee  on  the  pre-numbered  Instabuck 
certificate  receipt  form."  However,  these  procedures  do  not  define  what  constitutes 
a  quantity  of  tickets.  We  noted  during  our  visits  with  marketing  representatives  that 
they  were  giving  small  quantities  of  Instabucks  to  employees  of  retailers  and  were  not 
requiring  employees  to  sign  for  them.  The  potential  exists  for  marketing 
representatives  to  give  Instabucks  to  friends  or  relatives  because  strong  controls  do 
not  exist  for  Instabuck  issuances. 




We  also  noted  that  if  Instabucks  are  distributed  directly  to  retailer 
management,  the  potential  exists  for  retailers  to  receive  an  additional  discount  on  the 
purchase  of  instant  game  tickets.  For  example,  if  a  marketing  representative  gave  ten 
Instabucks  directly  to  retail  management,  and  the  retailer  did  not  distribute  the 
Instabucks  to  employees,  the  retailer  could  send  these  Instabucks  into  the  Lottery  and 
receive  a  ten  dollar  credit  on  his  account.  According  to  state  law,  "sales  agents  are 
entitled  to  no  more  than  a  5%  commission  on  tickets  and  chances  sold."  In  order  to 
ensure  retailers  do  not  receive  additional  commissions  from  the  Instabuck  program, 
the  Lottery  needs  to  implement  strong  controls  over  Instabuck  distributions.  Sound 
policies  and  procedures  should  be  developed  before  promotions  are  started.  This  will 
provide  guidance  for  Lottery  employees  when  carrying  out  the  intentions  of 
promotions  and  ensure  that  strong  controls  are  maintained. 

In  order  for  proper  security  controls  to  exist  over  special  promotions,  we 
believe  the  security  division  should  be  involved  whenever  special  promotions  are 
considered.  For  example,  if  promotional  ideas  are  borrowed  from  other  states, 
security  should  contact  that  state's  security  department  about  that  promotion.  Based 
on  their  findings,  security  should  make  recommendations  on  the  proposed  promotion. 

RECOMMENDATION  #18 

WE  RECOMMEND  THE  LOTTERY: 

A.  DEVELOP  POLICIES  AND  PROCEDURES   FOR  INSTABUCK 
DISTRIBUTIONS;  AND 

B.  INVOLVE     SECURITY    STAFF     IN     THE     PLANNING     AND 
DEVELOPMENT  OF  SPECIAL  PROMOTIONS. 


LEGISLATIVE  LIAISON  COMMITTEE 

By  law  a  Legislative  Liaison  Committee  was  established  to  report  to  the 
legislature  on  the  activities  and  operations  of  the  state  lottery.  The  statute  also 
requires  the  committee  meet  with  the  Lottery  Commission  on  an  annual  basis. 

As  of  December  1988,  the  Legislative  Liaison  Committee  and  the  Lottery 
Commission  have  not  held  any  meetings.  The  Lottery  has  been  unsuccessful  in 
scheduling a meeting between the two groups. In order to comply with section
23-5-1008, MCA, a meeting should be scheduled between the Lottery Commission and
the Legislative Liaison Committee every fiscal year.

RECOMMENDATION #19

WE  RECOMMEND  A  MEETING  BE  SCHEDULED  EVERY  FISCAL 
YEAR  BETWEEN  THE  LEGISLATIVE  LIAISON  COMMITTEE  AND 
LOTTERY  COMMISSION. 


SUMMARY 

Operations  for  the  Montana  Lottery  started  in  December  of  1986,  with  the 
appointment  of  a  Director  and  Lottery  Commission.  This  report  concentrates  on 
security  issues  we  identified  during  our  audit.  As  with  any  rapid  growth  situation, 
we found operational priorities have superseded the development of procedures to
address  the  security  issues  we  identified  in  this  report. 

Overall, Lottery management and staff have made a good effort at
establishing  adequate  security  over  its  operations.  The  Lottery  is  aware  of  most  of 
the  improvements  which  are  required  and  in  many  cases  has  already  taken  corrective 
action.  We  believe  the  implementation  of  our  recommendations  will  further 
strengthen the security over Lottery operations, thus improving the public's
perception of the security and integrity of the Lottery.

AGENCY RESPONSE


Ted Schwinden
Diana S. Dowling
Director
Gerald J. LaChere
Nancy L. Goodspeed
L. John Onstad

Montana

RECEIVED
JAN 10 1989
Montana Legislative Auditor

January 10, 1989

2525 N Montana
Helena, MT 59601 0542
(406)444-HJCK


Jim  Pellegrini,  Deputy  Legislative  Auditor 
Office  of  the  Legislative  Auditor 
State Capitol
Helena,  MT   59620 


Dear  Jim, 

Enclosed  are  two  separate  written  replies  to  your  report.   I 
hope  that  this  format  meets  your  needs. 

If  I  can  be  of  further  assistance  to  you  please  feel  free  to 
contact  me. 


L. John Onstad
Director  of  Security 
Montana  Lottery 


LJO/ml 
Enclosed 


Montana Lottery Commission Members

Spencer Hegstad, Chairman, Dillon
Keith Colbo, Helena
Pat DeVries, Polson
Jim Moore, Bozeman
Glenn Osborne, Great Falls


Reply  To  The  Performance  Audit 
of  Montana  Lottery  Security 


Recommendations 


R #1. We concur

Our timetable for the completion of a Lottery Security
Review is July 31, 1989.


R #2. We concur

Our timetable for complying with your recommendation
is May 31, 1989.


R #3. A. We concur
B. We concur

Our timetable for complying with both A & B
recommendations is May 31, 1989.


R #4. A. We concur
B. We concur

Our timetable for complying with both A & B
recommendations is April 28, 1989.

R #5. We concur

Our timetable for complying with your recommendation
is December 29, 1989.


R #6. A. We concur
B. We concur

Part A. of your recommendation was completed in the
early summer of 1988.

Part B. of your recommendation was completed in
November of 1988.


R #7. A. We concur
B. We concur

Our timetable for complying with both A & B
recommendations is by April 28, 1989.


R #8. We concur

On October 1, 1988, we began daily review and
filing of the printout.


R #9. We concur

Our timetable for complying with your
recommendation is by March 31, 1989.


R #10. A. We concur
B. We concur

Part A. of your recommendation will be completed by
February 28, 1989.

Part B. of your recommendation for the detailed
records on the issuance of keys began in the summer of
1988.


R #11. We concur

The backup power supply room has been locked since
the summer of 1988.


R #12. We concur

Our timetable for complying with your
recommendations is by October 31, 1989.


R #13. We concur

Our timetable for complying with your
recommendations is by July 31, 1989.


R #14. A. We concur
B. We concur

Part A. Our timetable for complying with your
recommendations is by April 28, 1989.

Part B. A background investigation was completed
in the fall of 1988 on the janitorial firm employed by the
Lottery.


R #15. We concur

The Lottery is currently in the process of updating
all position descriptions with the assistance of the Commerce
Personnel office. Our timetable for complying with your
recommendations is by July 1, 1989.


R #16. We concur

The Lottery has adopted a system and staff
supervisors have been trained; implementation is continuing.
Our timetable for complying with your recommendations is by
September 29, 1989.


R #17. We concur

Our timetable for complying with your
recommendation is effective immediately.


R #18. A. We concur
B. We concur

Part A. Additions to the existing policies and
procedures regarding Instabucks were completed and became
effective December 12, 1988. We intend to have other policies
in place by February 28, 1989.

Part B. The Security Staff will be involved in the
planning and development of special promotions effective
immediately.


R #19. We concur

We as the Lottery have made several attempts to
arrange such a meeting. We find ourselves at a distinct
disadvantage in this matter. We will continue our efforts.
On January 9, 1989 we have a tentative meeting scheduled for
January 12, 1989.




